17e774d8c7
Preserve existing refresh token if new refresh token not returned
...
During an oauth2 refresh if the authorization server doesn't return a new refresh token, preserve the existing one.
Fixes: gh-6503
2019-02-07 15:11:23 -05:00
594a169798
Introduce OAuth2AuthorizationRequest.attributes
...
Fixes gh-5940
2019-02-07 11:49:17 -05:00
95e0e7243d
Save original request on oauth2Client filter
...
When we used the oauth2Client directive and requested an endpoint that
required client authorization on the authorization server, the
SPRING_SECURITY_SAVED_REQUEST was not persisted, and therefore after
creating the authorized client we were redirected to the root page ("/").
Now we are storing the session attribute and getting redirected back to
the original URI as expected.
Note that the attribute is stored only when a
ClientAuthorizationRequiredException is thrown in the chain, we dont
want to store it as a response to the
/oauth2/authorization/{registrationId} endpoint, since we would end
up in an infinite loop
Fixes gh-6341
2019-01-25 09:15:44 -06:00
2a867997e2
Polish gh-6415
2019-01-14 13:33:58 -05:00
fe5f10e9a2
Extract the ID Token JwtDecoderFactory to enable user customization
...
This commit ensures that the JwtDecoderFactory is not a private field inside
the Oidc authentication provider by extracting this class and giving the
possibility to customize the way different providers are validated.
Fixes: gh-6379
2019-01-14 13:33:58 -05:00
f234a5fbdb
ID Token validation supports clock skew
...
Fixes gh-5839
2019-01-09 16:03:13 -05:00
d878dbf30e
Polish gh-6349
2019-01-09 10:15:02 -05:00
057ed616c4
Improve error messages in OidcIdTokenValidator
...
This commit ensures that error messages contain more specific
information regarding the reported error.
Fixes: gh-6323
2019-01-09 10:15:02 -05:00
c94f13a971
Polish tests
2019-01-08 11:16:22 -06:00
673a2adf26
Polish oauth2 client ExchangeFilterFunction's
...
Fixes gh-6355
2019-01-07 14:39:25 -05:00
993e11dcd3
Polish gh-6127
2019-01-07 13:50:17 -05:00
1c9ab9197e
When expired retrieve new Client Credentials token.
...
Once client credentials access token has expired retrieve a new token from the OAuth2 authorization server.
These tokens can't be refreshed because they do not have a refresh token associated with. This is standard behaviour for Oauth 2 client credentails
Fixes gh-5893
2019-01-07 13:50:17 -05:00
d77b12d229
authorization_uri Uses UriComponentsBuilder
...
Because of this, authorization_uri can now be a fully-qualified url.
Fixes: gh-5760
2018-12-21 13:23:47 -07:00
9c0d78da71
Extract OidcTokenValidator to an OAuth2TokenValidator
...
Fixes gh-5930
2018-12-21 11:06:40 -05:00
8f4f52edb9
Support configurable JwtDecoder for IdToken verification
...
Fixes gh-5717
2018-12-21 09:24:55 -06:00
1bfa38b1bd
Validate Scopes in ClientRegistrationBuilder
...
Fixes: gh-6256
2018-12-14 10:41:29 -07:00
e25bea2cf7
Author: Shraiysh Vaishay cs17btech11050@iith.ac.in
...
Add WebClientReactiveAuthorizationCodeTokenResponseClient.setWebClient
Fixes gh-6182
2018-12-06 11:18:39 -06:00
566bc6a6e1
Test OpenID Discovery with Trailing Slash
...
Fixes gh-6234
2018-12-05 10:54:30 -07:00
fdc81822ec
Add WebClientReactiveClientCredentialsTokenResponseClient setWebClient
...
Added the ability to specify a custom WebClient in
WebClientReactiveClientCredentialsTokenResponseClient.
Also added testing to ensure the custom WebClient is not null and is
used.
Fixes: gh-6051
2018-11-28 15:44:36 -06:00
2a8233d035
Remove PowerMock from oauth2-core and oauth2-jose
...
Issue: gh-6025
2018-11-20 14:02:10 -07:00
80e13bad41
Remove PowerMock from oauth2-client
...
Issue: gh-6025
2018-11-19 18:09:00 -07:00
f6414e9a52
Make InMemory*ClientRegistrationRepository Consistent
...
The previous builders with the list argument were inconsistent with their
respective builders of var args.
2018-11-19 15:09:30 -06:00
e1d68e4f6b
WebClientReactiveClientCredentialsTokenResponseClient.getTokenResponse expects 2xx http status code
...
This ensures that token response is only extracted when ClientResponse has a successful status
Fixes: gh-6089
2018-11-19 10:50:33 -06:00
d28e32b000
NimbusJwtDecoder Builder
...
A Builder to simply common construction patterns for NimbusJwtDecoder
Issue: gh-6010
2018-11-14 15:53:47 -06:00
a96893a42a
Remove charset from Accept header in UserInfo request
...
Fixes gh-6017
2018-10-25 12:56:45 -04:00
e1b095df32
Allow in-memory client registration repos to be constructed with a map
...
Fixes gh-5918
2018-10-18 14:07:12 -04:00
07d2e43d7a
Deprecate NimbusAuthorizationCodeTokenResponseClient
...
Fixes gh-5954
2018-10-15 09:01:19 -04:00
725b3b5482
Fix OAuth2AuthorizationCodeGrantWebFilter works w/ /{action/
...
Issue: gh-5856
2018-09-20 21:39:09 -05:00
d46f83caf4
Ensure consistent matching of redirect_uri
...
Fixes gh-5890
2018-09-20 14:30:41 -04:00
410f6bae1a
Fix ServerOAuth2AuthorizedClientExchangeFilterFunctionTests Merge
...
Issue: gh-5872
2018-09-19 11:53:21 -05:00
dcbf762a0b
WebClient OAuth2 Support for defaultClientRegistrationId
...
Fixes: gh-5872
2018-09-19 11:47:04 -05:00
e8d8eb59bf
Make OAuth2AuthorizedClient Serializable
...
Fixes gh-5757
2018-09-19 10:47:30 -04:00
2c078c5dd9
Remove expiresAt constructor-arg in OAuth2RefreshToken
...
Fixes gh-5854
2018-09-19 10:47:30 -04:00
cc8935e904
Fix Reactive OIDC to add refresh token
...
Fixes: gh-5858
2018-09-17 21:21:36 -05:00
385bdfc055
OAuth2AuthorizationCodeGrantWebFilter works with /{action}/
...
This ensures that the same URL can work for both log in and
authorization code which prevents having to create additional registrations
on the client and potentially on the server (GitHub only allows a single
valid redirect URL).
Fixes: gh-5856
2018-09-17 21:21:36 -05:00
ed9cd478ba
Polish
...
Issue gh-5776
2018-09-12 11:57:53 -04:00
8746e71b9a
Use OAuth2AuthorizationException in authorization flows
2018-09-11 14:53:42 -05:00
ef02ab2f8a
DefaultOAuth2UserService handles OAuth2AuthorizationException
2018-09-11 14:53:42 -05:00
7474d6524e
DefaultAuthorizationCodeTokenResponseClient throws OAuth2AuthorizationException
2018-09-11 14:53:42 -05:00
56b4576396
DefaultClientCredentialsTokenResponseClient throws OAuth2AuthorizationException
...
Fixes gh-5726
2018-09-11 14:53:42 -05:00
e56c048db3
Remove OAuth2ClientException
2018-09-11 14:53:42 -05:00
26e577b0fa
UnauthenticatedServerOAuth2AuthorizedClientRepository->UnAuthenticatedServerOAuth2AuthorizedClientRepository
...
Issue: gh-5817
2018-09-07 15:29:35 -05:00
11ea92ef1c
Add UnauthenticatedServerOAuth2AuthorizedClientRepository
...
Fixes: gh-5817
2018-09-07 15:28:40 -05:00
438d2911fb
OAuth2AuthorizedClientResolver
...
Extract out a private API for shared code between the argument resolver
and WebClient support. This makes it easier to make changes in both
locations. Later we will extract this out so it is not a copy/paste
effort.
Issue: gh-4921
2018-09-07 08:58:00 -05:00
23726abb1e
ServerOAuth2AuthorizedClientExchangeFilterFunction default ServerWebExchange
...
Leverage ServerWebExchange established by ServerWebExchangeReactorContextWebFilter
Issue: gh-4921
2018-09-07 08:57:25 -05:00
ac78258847
ServerOAuth2AuthorizedClientExchangeFilterFunction defaultOAuth2AuthorizedClient
...
Defaults to use the OAuth2AuthenticationToken to resolve the authorized client
Issue: gh-4921
2018-09-07 08:57:00 -05:00
158b8aa6d5
ServerOAuth2AuthorizedClientExchangeFilterFunction clientRegistrationId
...
Issue: gh-4921
2018-09-07 08:56:49 -05:00
28537fa3b6
WebClientReactiveClientCredentialsTokenResponseClient
...
Fixes: gh-5607
2018-09-07 08:53:35 -05:00
89f2874bff
ServerOAuth2AuthorizedClientExchangeFilterFunction clientRegistrationId
...
You can now provide the clientRegistrationId and
ServerOAuth2AuthorizedClientExchangeFilterFunction will look up the authorized client automatically.
Issue: gh-4921
2018-09-07 08:52:35 -05:00
5bcbb1c40f
ServerOAuth2AuthorizedClientExchangeFilterFunction uses ServerOAuth2AuthorizedClientRepository
...
Issue: gh-4921
2018-09-07 08:52:18 -05:00
Fabien Arrault
Joe Grandja
Gerardo Roza
Rafael Dominguez
Johnny Lim
Warren Bailey
Josh Cummings
shraiysh
jer051
dperezcabrera
Vedran Pavic
Rob Winch